誠信經營

Integrity Management

Business Risk Management

To establish a comprehensive risk management structure, Arcadyan Board Directors approved Risk Management Policy and Procedure on November 10, 2022. The Policy and Procedure is to create a risk-award culture, assist the management to make informed business decisions and stabilize business operations toward corporate sustainability.

Based on company size, industry type, business characteristics, operation activities, and taking core values of corporate sustainability into consideration, Arcadyan has identified risk factors including strategic, operational, financial, information, compliance, integrity and other new emerging risks (e.g. climate change or infectious disease.) The nature and characteristics of identified risk events are studied, and the probability of the occurrence and impact level are analyzed, and further response measures are planned referring to the risk assessment conducted.

 

 

Arcadyan ISO 22301 Business Continuity Management Policy

 

 

Arcadyan's headquarters and overseas manufacturing centers obtain ISO 22301 Business Continuity Management System certification annually. They establish processes for analysis and risk assessment, evaluating the frequency and likelihood of risks based on the PPTISSFT (People, Premises, Technology, Information, Stakeholders, Suppliers, Finance, and Transportation) of critical activities. Recovery priorities, an Incident Management Plan (IMP), and a Business Continuity Plan (BCP) are set up to effectively manage any unforeseen events that could potentially disrupt Arcadyan's operations. In 2023, risk management and response strategies were developed based on key sustainability issues, as detailed below:

 

 

 

Arcadyan ISO 27001 Information Security Management Policy

To ensure the confidentiality, integrity, and availability of all information, Arcadyan follows the ISO/IEC 27001 international standard to establish internal control documents. Annually, internal and external audits are conducted to evaluate the risk levels of various process databases, scan system vulnerabilities, update information asset inventories, and execute related operational impact analyses, disaster recovery drills, user account privilege reviews, firewall configuration reviews, information security awareness and education training, penetration testing, governance committee meetings, and periodic social media exercises as control mechanisms.